First is that my app, that had been working for many months, is suddenly broken. I’ve seen a problem with a Cosmos node on mainnet last week but my app is set on testnet. The popup simply says
Unable to detect login share from the Auth Network. This may be due to slow internet connection. Check your internet speed and try again. If you're using a vpn, please turn it off.
My team members have the same issue. So it’s not VPN or internet speed, and there must be a problem either with web3auth or from my settings.
I want to verify the configuration of my verifier, on the dashboard. When clicking the three dots next to it, I don’t have the “Edit” option anymore: I can’t see what my verifier parameters are. This button used to be there but it’s now disappeared.
I’ve tried to create a new verifier but the JWK endpoint that I provide is marked as not valid. Could it be what is failing in the original verifier? Why would it fail now, as I haven’t modified that endpoint and web3auth had no issue using it for the past 4months until 2 days ago?
For 3/, I have pinpointed the problem: https://api-dashboard.web3auth.io/verifiers/validate/jwk makes a request to the provided endpoint and is returned with a 401 from my website, type “cors”. This is likely where the problem lies. I could verify the issue on my server: the JWKs is visible from a local computer but not from your API request. No clue is given from my (vercel) server, apart from your user-agent string, Go-http-client-2.0 and the 401.
For the error message of the popup, this is of course the same issue. In the console of the popup I can actually read Could not get result from torus nodes \n Error occurred while verifying paramsfailed to fetch remote JWK (status = 401).
I don’t know if I should close the issue yet, as I didn’t modify anything on my vercel. It used to work decently with web3auth.
=> Perhaps web3auth itself has changed the way requests are made, and is blocked from all vercel apps.
=> If not, then it’s on my side, but web3auth should not display “slow internet connection, turn off your VPN” but the actual error. You actually have the error message logged in the console of the popup. Why not pass it to the HTML?
=> Finally, the “Update verifier” button should not disappear in the dashboard, even if it’s because my JWK endpoint has become invalid, because the user cannot even see any settings anymore (if that is the reason why the button is not there for this particular verifier).
=> To conclude, I’m also unable to modify the original post anymore, for anyone looking for the actual nailed down issue.
I still can’t see the Update button. My verifier is called brillion-verifier1 and I’ve been using it on testnet for 10 days until the problem starts. I am the creator of that verifier, could I be removed permissions?
I’ve enabled CORS in my JWK NextJS API route (according to How to Enable CORS on Vercel). But when I create a new verifier and provide it with this CORS-enabled endpoint, I still get rejected with the same response:
Aaah I have a password protecting my JWK page All my fault.
I do feel a bit misled still. I don’t think that the error messages helped much, mostly in the popup. I realized the error when I did a curl from a terminal and got the html/svg password input in response, instead of the json. I didn’t have any cors error or 401. Perhaps you get a 401 because you’ve set Content-Type: application/json in your own request header.
I see in a 401 documentation page that
The server generating a 401 response MUST send a WWW-Authenticate header field containing at least one challenge applicable to the target resource.
I don’t know why it ends up shown as a “cors” problem. 401 should be explicitly displayed as an authentication issue.
Now I need to remove my password-protected page, but maybe you could have an input for people in my situation where we can file the password protecting the JWK endpoint.
The verifier with the invalid JWK endpoint should still be accessible with the button “Update verifier”
It’s great to hear that you resolved your problem.
Currently we’re disabling setting ownership of verifiers as it requires users to have Goerli ETH to make changes to verifiers as many people saw it’s quite complicated, that’s why you cannot update yours.
We’re working on the improvement and in the future, people should be able to edit their verifiers.
For now, if you want to edit verifiers, you may consider creating a new one. Sorry for any inconvenience that you have faced.
